Comment on page
Internal Field Separator (IFS) refers to a variable which defines the character or characters used to separate a pattern into tokens for some operations. The value of IFS, typically includes the space, tab, and the newline by default. To keep it simple and stupid, just think IFS = space.
Shell variables can be referenced using the
$sign. For example,
$1refers to the first shell variable and
$2refers to the second shell variable. Similarly,
$9refers to the
9thshell varaible and it is an empty string in most cases.
If whitespaces are blocked by the application, we can try using the following payload to replace whitespace:
$IFSacts as a whitespace and
$9acts as a separator.